Securing Healthcare Industry: Prevention is Better Than Cure

By Rick Rogers, Area Manager for East and West Africa at Check Point Software Technologies
The healthcare industry, arguably one of the most technologically advanced considering the gadgets and devices now used to monitor health statistics and perform medical procedures, is ironically among the most ‘unhealthy’ when it comes to network security.
Delegates attending the recent Healthcare Innovation Summit were told that medical records are being increasingly targeted by cybercriminals – data from the US showed that 89% of healthcare institutions suffered a security breach and were twice more likely to be targeted than other organisations.
Healthcare record theft increased a shocking 1100% this year with more than100 million records compromised worldwide. The biggest threat, says KPMG comes from external attackers – at 65% – while malware tops the list of information security concerns.
But why is an industry with the technological ability to perform surgery on patients in other countries so sick when it comes to protecting information?
The answer is multi-faceted:
Valuable data. Data collected and stored by hospitals and other organisations, such as medical aid schemes, is up to ten times more valuable to cybercriminals than credit card information. This is due to the sheer volume of information gathered about individuals – and the fact that we’re seeing an increased shift to digital medical records – which makes it easy to commit fraud and identity theft. Given the value of this data on the black market, cyber-attacks are becoming ever more sophisticated in their attempts to hack healthcare institutions.
Ageing infrastructure. Hospitals are melting pots of outdated infrastructure, old operating systems and state-of-the-art medical technology, all communicating over the same networks. Often, hospitals take an ‘if it’s not broken, don’t fix it’ approach to technology, so devices may not be patched with the latest software versions, for example. The problem, however, is that the system is very much broken. KPMG found that, in terms of technical capabilities, the healthcare industry is behind other industries when it comes to protecting infrastructure and information.
Complex networks. The fact that so many different people, devices and departments need to access a medical institution’s records forces them to adopt open networks. Add to this the increasing number of Internet of Things and the myriad Internet-connected gadgets connecting to the network and it becomes difficult to secure and even more vulnerable to attack.
No budget. Security spending in the healthcare industry is at times as little asone-tenth of what other industries spend. When it comes to technology spending, a new MRI machine will likely win the budget lottery over security software.
Easy targets. Ransomware is one of the biggest methods used by cybercriminals to gain access to medical data. This involves ‘kidnapping’ the data and only releasing it once the hospital pays a ransom. Because medical organisations are generally dealing with crises, they need urgent access to their data and are more willing to pay the ransom to get back up and running as quickly as possible. Cybercriminals know this and are exploiting it.
Lack of understanding and awareness. Although medical institutions are becoming more technologically centric, that’s not to say they’re focusing on technology and there’s a lack of understanding of what’s going on when it comes to cyber security. There needs to be an increased understanding of how to defend against attacks like ransomware, coupled with a bigger focus on educating staff and users on how to spot phishing attacks – people are, after all, the weakest link in the security chain.

Prevention is better than cure
It sounds clichéd but, when it comes to security in any sector, prevention certainly is better than cure.
In order to gain a holistic overview of the network, technology managers need to design the infrastructure from the bottom up, starting with the physical layer, comprising devices and other hardware, and working up to the application layer.
This multi-layered approach to security gives IT managers more visibility into the network so that they can see what data is coming into and leaving the network and can implement controls as required. For example, sensitive patient information can be encrypted as it traverses the network between devices, while less sensitive information, such as that collected by fitness devices, can be subject to less stringent protection measures.
Education of staff members is also critical. They need to be able to identify hacks such as spear phishing and ransomware attempts so that they know not to click on malicious links and to alert the IT department to such attempts.
There also needs to be a general increase in awareness within the healthcare sector of the various methods used by cybercriminals to gain access to medical data. In many cases, medical institutions do not even know that they’ve been infiltrated purely because they don’t know the warning signs. They need to take a more proactive approach to network security and understand how to prevent certain attacks.
Security should not be reactive and should not be done just because organisations want to comply with legislation such as the Protection of Personal Information (POPI) Act.
But unfortunately, this is the case in the healthcare industry and it’s the reason why they are always one step behind the attackers. Rather, security should be about prevention and the desire to ensure the integrity of sensitive information.

Hot this week

Is Investing for Me? Rethinking Who the Stock Market is Actually Built For

  By Robinson Kolawole "Investing is not for someone like me."...

CIIN Boss, Yetunde llori, Bows Out, Lists Achievements in Office

Mrs. Yetunde llori, the President/Chairman of Council, Chartered Insurance...

WorldStage Business Forum Q2 2026: Prof. Baale Makes Case for Building World-class Nigerian Corporate Culture

L-R: Mr. Segun Adeleye, President/CEO, World Stage Limited; Prof. Lere...

Insurance Brokers Reaffirm Commitment to Local Content, Digital Innovation at SUPERNEWS Conference

Deputy President of the Nigerian Council of Registered Insurance...

Topics

TotalEnergies Reports $10bn Income in Q3 Driven by LNG Business

TotalEnergies has strengthened its balance sheet and doubled its...

A.M. Best: UK Non-Life Insurers’ Profits under Pressure

Profit margins in the U.K. non-life insurance sector are...

ITU Statistics Confirm ICT Revolution of Past 15 Years

New figures released by ITU indicate that over the past 15 years, information and communication technologies (ICTs) have grown in an unprecedented way, providing huge opportunities for social and economic development. The new figures track ICT progress and show gaps in connectivity since the year 2000, when world leaders established the United Nations Millennium Development Goals (MDGs).Today, there are more than 7 billion mobile subscriptions worldwide, up from 738 million in 2000.

Africa Insurance Women Association to Host International Conference for Women in Insurance

Mrs. Margaret Nkechi Moore President Africa Insurance Women Association The Africa Insurance...

Nigeria Re Names Gbenga Falekulo as New CEO

  Mr. Gbenga Falekulo Managing Director/CEO Nigeria Reinsurance Corporation Mr. Gbenga Falekulo has...

Ecobank Ready to Explore Opportunities in AfCFTA–CEO

The Managing Director, Ecobank Nigeria, Patrick Akinwuntan has said...

Polaris Bank Champions Accelerating Action at IWD Seminar

Cross Section of Secondary School Students who attended Polaris...